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Abstract 

In  this  paper,  we  present  results  for  significantly  improv¬ 
ing  the  performance  of  sequential  circuit  diagnostic  test  pat¬ 
tern  generation  (DATPG).  Our  improvements  are  achieved 
by  developing  results  that  permit  dynamic,  fully  functional, 
collapsing  of  candidate  faults.  Fault  collapsing  permits  the 
organization  of  faults  into  disjoint  partitions  based  on  the 
indistinguishability  relation.  Ibese  results  are  used  to  de¬ 
velop  a  diagnostic  test  pattern  generation  algorithm  that  has 
the  same  order  of  complexity  as  that  of  detection-oriented 
test  generation  (ATPG).  Techniques  to  identify  untestable 
faults,  based  on  exploiting  indistinguishability  identifica¬ 
tion,  are  also  presented.  Experimental  results  are  presented 
on  the  ISCAS  89  benchmark  circuits. 

1  Introduction 

The  aim  of  diagnostic  test  generation  is  to  provide  test 
vectors  that  can  distinguish  between  every  distinguishable 
fault  pair  and  to  prove  the  remaining  pairs  of  faults  to  be  in¬ 
distinguishable.  This  is  in  contrast  with  detection-oriented 
test  generation  which  aims  at  generating  test  vectors  that  de¬ 
tect  every  detectable  fault  and  proving  the  remaining  faults 
to  be  undetectable.  The  terms  distinguishable,  indistin¬ 
guishable,  detectable  and  undetectable  take  on  different 
meanings  with  different  test  methodologies  (multiple  ob¬ 
servation  time  [1,2],  single  observation  time  [1,2]  or  con¬ 
ventional,  gate-level  test  generation  with  single  observation 
time  and  three-valued  simulation  [3]).  However,  irrespec¬ 
tive  of  the  test  methodology,  proving  indistinguishabilities 
and  undetectabilities  is  computationally  intensive.  Previ¬ 
ous  research  on  diagnostic  test  generation  has  primarily  fo¬ 
cused  on  combinational  circuits  [4-7].  Research  on  indis¬ 
tinguishability  identification  has  also  been  devoted  mainly 
toward  combinational  circuits  [8-11].  The  words  equiva¬ 
lence  and  indistinguishability  carry  the  same  meaning  for 
combinational  circuits;  however,  such  is  not  the  case  for  se¬ 
quential  circuits,  where  the  definition  of  sequential  indistin¬ 
guishability  itself  is  dependent  upon  the  test  methodology 
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used.  Recent  work  [12, 13]  has  defined  sequential  indistin¬ 
guishability  under  varying  test  strategies  and  simulation  ca¬ 
pabilities.  That  work  derived  results  on  avoiding  the  explicit 
proving  of  specific  indistinguishability  relations.  Results  on 
diagnostic  test  pattern  generation  for  large  sequential  cir¬ 
cuits  have  also  been  reported  in  recent  work  [14],  However, 
in  contrast  with  this  present  paper,  there  was  no  attempt  in 
the  previous  work  to  re-use  the  results  already  obtained  dur¬ 
ing  DATPG.  The  focus  there  was  on  developing  an  efficient 
diagnostic  engine  that,  when  given  a  pair  of  stuck-at  faults, 
either  generates  a  test  sequence  that  distinguishes  the  two 
faults  or  concludes  that  they  are  indistinguishable. 

In  this  paper,  we  develop  results  that  permit  the  dynamic 
collapsing  of  faults  for  sequential  circuits.  Dynamic  col¬ 
lapsing  refers  to  the  process  of  collapsing  faults  during  di¬ 
agnostic  test  pattern  generation.  This  is  in  contrast  with 
previous  work  on  fault  collapsing  in  sequential  circuits  [15] 
where  the  objective  was  to  collapse  faults  statically  (without 
a  diagnostic  test  generator  and  possibly  even  before  any  au¬ 
tomatic  test  pattern  generation).  Our  fault  collapsing  results 
are  used  in  organizing  specific  classes  of  faults  into  disjoint 
partitions  based  on  the  indistinguishability  relation.  These 
results  are  used  to  reduce  the  complexity  of  diagnostic  test 
generation  algorithm  (DATPG)  to  the  same  order  of  com¬ 
plexity  as  that  of  detection-oriented  test  generation  (ATPG). 
This  significant  reduction  is  achieved  by  the  efficient  reuse 
of  the  intermediate  results  provided  by  the  DATPG  algo¬ 
rithm. 

2  Definitions 

In  this  section,  we  briefly  review  the  definitions  of  se¬ 
quential  indistinguishability  under  varying  test  strategies.  A 
previous  paper  [12]  developed  these  definitions  for  the  con¬ 
text  of  fault  diagnosis.  The  definitions  are  summarized  here 
for  clarity.  The  test  strategies  considered  are  the  multiple 
observation  time  strategy  (MOTS)  [1,2, 16],  and  the  con¬ 
ventional  gate  level  test  generation  strategy  (using  three- 
valued  simulation  to  evaluate  logic  values)  [3].  The  con¬ 
ventional  gate-level  test  generation  strategy  can  in  fact  be 
considered  to  be  a  restricted  form  of  the  single  observation 
time  strategy  (RSOTS),  because  of  a  possible  loss  in  ac-^ 
curacy  due  to  simulation.  Concepts  discussing  various  test 
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strategies  for  distinguishing  sequential  machines  have  also 
been  suggested  in  the  context  of  design  verification  [17, 18]. 

Sequential  indistinguishability  with  MOTS 

Definition  1  (Indistinguishability)  A  fault  pair  (/i,/2)  is 
said  to  be  indistinguishable  if  there  exist  states  5-^*  and 
Sh 

in  the  faulty  machines  corresponding  to  fault  fi  and 
/2  respectively,  and  there  exists  no  input  sequence  Y,  such 
that  the  sequence  {Y,  produced  by  the  faulty  ma¬ 
chine  corresponding  to  fi  is  different  from  the  sequence 
5/2)  produced  by  the  faulty  machine  corresponding 

to  /2, 

Sequential  indistinguishability  with  RSOTS 

As  noted  earlier,  the  restricted  single  observation  time  test 
generation  strategy  represents  practical  gate-level  test  gen¬ 
eration  with  three- valued  (0,1, X)  logic  simulation.  Tlie  def¬ 
inition  of  indistinguishability,  defined  for  the  previous  test 
generation  strategy,  has  worked  witli  tlie  assumption  that 
there  is  no  loss  of  accuracy  that  practical  gate-level  test 
generation  procedures,  targeting  large  sequential  circuits, 
suffer  from  due  to  the  evaluation  of  unknown  values.  We 
now  provide  the  following  definition  to  characterize  sequen¬ 
tial  indistinguishability  in  a  practical  gate-level  test  genera¬ 
tion  environment  that  uses  tliree- valued  logic  simulation. 

Definition  2  (Indistinguishability)  A  fault  pair  (/i ,  /2)  is 
said  to  be  indistinguishable  if  there  exists  no  input  sequence 
Y  such  that  the  output  responses  produced  by  the  two  faulty 
machines,  when  starting  from  the  fully  unspecified  state  and 
as  determined  by  three-valued  logic  simulation,  are  differ¬ 
ent  on  a  specific  time  unit  and  on  a  specific  primary  output 
(i.e.,  0  in  one  machine  and  1  in  the  other  or  vice  versa). 

3  Fault  Collapsing  and  DATPG 

Requirements 

Dynamic  fault  collapsing  proves  valuable  for  diagnostic  test 
generation  because  all  future  operations  involved  in  diag¬ 
nostic  test  generation,  after  a  collapsing  operation,  need  to 
consider  only  one  of  the  two  faults.  Savings  are  achieved 
both  during  the  test  generation  process  as  well  as  during  di¬ 
agnostic  fault  simulation  (required  to  evaluate  the  test  vec¬ 
tors  generated  during  the  DATPG  process).  Let  us  consider 
the  indistinguishable  fault  pair  (/i,  /2).  Our  goal  is  to  ob¬ 
tain  conditions  that  enable  the  collapsing  of  these  two  faults 
into  a  single  fault  and  not  affect  the  rest  of  the  diagnostic  test 
generation  process.  It  is  worth  noting  that  the  conditions 
that  we  actually  check  for  collapsing  also  ensure  that  the 
faulty  machines  in  question  produce  “identical”  responses. 

Definition  3  (Fault  Collapsing  Requirements)  A  fault 
pair  (/i-,  /2 )  can  be  collapsed  if  for  any  arbitrary  fault 


h  different  from  both  faults  fi  and  h  the  following  two 
conditions  are  satisfied. 

Condition  1.  {fiyfz)  identified  as  indistinguishable 
implies  (/2 ,  /a)  indistinguishable  and  vice  versa. 

Condition  2.  (/ij/a)  distinguished  implies  {f2yh) 

distinguished  and  vice  versa. 

We  first  note  the  dynamic  fault  collapsing  result  for  com¬ 
binational  circuits.  Let  us  consider  two  faults  fi  and  /2. 

Observation;  If  the  pair  of  faults  (/i,  /2)  is  declared  to 
be  equivalent  (indistinguishable)  during  diagnostic  test  gen¬ 
eration  in  a  combinational  circuit,  then  they  may  be  col¬ 
lapsed  into  a  single  class  of  faults  and  may  be  represented 
by  eitlier  one  of  the  faults. 

Example 

An  example  illustrating  the  use  of  dynamic  fault  collapsing 
is  presented  in  Figure  1.  In  the  example,  two  DATPG  al¬ 
gorithms  are  traced  to  illustrate  fault  collapsing.  The  first 
algoritlim  runs  without  any  fault  collapsing,  and  the  sec¬ 
ond  algorithm  runs  with  fault  collapsing.  The  column  Cur¬ 
rent  Status  represents  a  set  of  classes  of  faults.  Faults  from 
distinct  classes  have  already  been  distinguished  from  each 
other,  and  faults  in  tlie  same  class  have  not  yet  been  dis¬ 
tinguished.  The  column  Candidate  shows  the  current  fault 
pair  input  to  the  DATPG  algorithm.  The  column  Result 
gives  one  of  tliree  results  I,  D  or  A,  standing  for  indistin¬ 
guishable,  distinguished  or  aborted,  respectively.  The  last 
column  Proven  carries  different  meanings  for  the  two  algo¬ 
rithms.  For  the  case  without  any  fault  collapsing,  it  contains 
fault  pairs  proven  to  be  indistinguishable  from  each  other, 
while  with  fault  collapsing,  the  entries  are  sets  of  classes 
of  faults.  Each  class  represents  faults  that  are  proven  to  be 
indistinguishable  from  each  other. 

We  can  see  from  the  traces  of  this  example  that  sav¬ 
ings  are  achievable  in  the  number  of  indistinguishability 
relations  explicitly  proven  by  the  DATPG  algorithm.  The 
DATPG  algorithm  is  simplified  by  retaining  only  one  of  the 
faults  for  each  time  an  indistinguishability  relation  is  iden¬ 
tified.  For  example,  we  note  that  fault  2  is  eliminated  from 
the  current  status  after  Step  1  because  fault  1  represents  it 
for  all  future  operations.  The  example  shows  that  the  num¬ 
ber  of  indistinguishability  relations  that  need  to  be  proven 
explicitly  by  a  call  to  the  core  diagnostic  test  generation  rou¬ 
tine  has  been  reduced  from  9  to  5.  Fault  pairs  (2  3),  (2  4),  (3 
4)  and  (6  7)  have  been  proven  as  a  result  of  the  collapsing 
operations. 

It  is  also  useful  to  note  the  reductions  provided  in  the  fault 
simulation  operations  while  evaluating  the  test  vectors  ob¬ 
tained  when  a  fault  pair  is  distinguished.  As  an  example, 
the  diagnostic  fault  simulator  used  to  evaluate  the  capabil¬ 
ity  of  the  vectors  provided  after  Step  4  need  not  perform 
any  simulation  or  evaluation  operations  for  faults  2,  3  and 
4.  The  collapsed  list  of  faults  is  automatically  available 


DATPG  algorithm  trace  collapsing 


Current  Status 

Candidate 

B^nsi 

Proven 

mu 

(1  234567  8) 

(1  2) 

I 

[12] 

(12  3  4567  8) 

(1  3) 

I 

[1  2]  [1  3] 

(1  234567  8) 

a  4) 

I 

[1  2]  [1  3]  [1  4] 

■1 

(1  2  3  45678) 

(1  5) 

D 

[1  2]  [1  3]  [1  4] 

5 

(1  234)  (567)  (8) 

(2  3) 

I 

[1  2]  [13][1  4]  [2  3] 

6 

(1  234)  (567)  (8) 

(24) 

I 

[1  2]  [1  3]  [14]  [2  3]  [2  4] 

7 

(1  2  3  4)  (5  6  7)  (8) 

(3  4) 

I 

[1  2]  [1  3]  [14]  [2  3]  [2  4]  [3  4] 

8 

(1  234)  (567)  (8) 

(5  6) 

I 

[12][1  3]  [1  4]  [2  3]  [2  4]  [3  4]  [5  6] 

9 

(1  234)  (567) (8) 

(5  7) 

I 

[1  2]  [13]  [14]  [2  3]  [2  4]  [3  4]  [5  6]  [5  7] 

(1  2  34)  (567) (8) 

(6  7) 

I 

[1  2]  [1  3]  [1  4]  [2  3]  [2  4]  [3  4]  [5  6]  [5  7]  [6  7] 

(1  234)  (567)  (8) 

DONE 

- 

[1  2]  [1  3]  [1  4]  [2  3]  [2  4]  [3  4]  [5  6]  [5  7]  [6  7] 

t  Number  of  indistinguishability  relations  explicitly  proven  by  DATPG  =  9 


DATPG  algorithm  trace  with  collapsing 


HUdSill 

Current  Status 

Candidate 

Proven 

1 

(1  2345678) 

(1  2) 

I 

[12] 

2 

(1  3  4  567  8) 

(1  3) 

[12  3] 

3 

(1  45678) 

(1  4) 

[1  2  3  4] 

4 

(1  567  8) 

(1  5) 

[1  2  3  4] 

5 

(0(5  6  7)  (8) 

[1  2  3  4]  [5  6] 

6 

(1)  (5  7)  (8) 

[1  2  3  4]  [5  67] 

7 

(1)  (5)  (8) 

[1  2  3  4]  [5  67] 

t  Number  of  indistinguishability  relations  explicitly  proven  by  DATPG  =  5 
f  t  Savings  are  achieved  in  fault  simulation  after  a  distinguished  (D)  result  from  DATPG 


Figure  1:  Example  illustrating  tlie  savings  achievable  with  dynamic  fault  collapsing 


as  the  set  of  classes  in  the  column  Proven  at  tlie  end  of 
the  procedure.  Fault  collapsing  cannot  be  applied  to  se¬ 
quential  circuits  based  on  indistinguishability  identification 
alone  because  of  a  possible  failure  in  satisfying  one  of  the 
two  identified  conditions.  However,  we  show  in  tlie  next 
section  that  it  is  possible  to  identify  conditions  that  may 
be  checked  easily  and  permit  the  collapsing  operations  for 
sequential  circuits  under  the  two  test  strategies  considered. 
The  conditions  developed  are  based  on  synchronizing  se¬ 
quences  and  strong  connectivity  (for  MOTS)  and  based  on 
initializing  sequences  (for  RSOTS).  It  is  also  reiterated  that 
we  do  not  intend  in  anyway  to  find  these  sequences,  but  pro¬ 
vide  techniques  to  make  use  of  knowledge  concerning  the 
existence  of  these  sequences  based  on  eitlier  existing  (possi¬ 
bly  detection-oriented)  test  vectors  or  information  provided 
by  designers. 

3.1  Fault  collapsing 

We  shall  now  identify  conditions  for  fault  collapsing 
under  the  restricted  single  observation  time  test  strategy 
(RSOTS). 

Definition  4  (Initializability)  A  machine  M  is  initializable 
with  three-valued  logic  simulation  if  there  exists  an  input  se¬ 
quence  F,  such  that  the  resulting  state  of  M  (evaluated  by 
three-valued  simulation)  is  fully  specified  on  the  application 
ofY,  when  the  initial  state  is  fully  unspecified  (consisting  of 
allXs  and  corresponding  to  the  entire  state  space).  Initializ¬ 
ability  is  thus  synchronizability  subject  to  three-valued  logic 


simulation. 

Theorem  1  Consider  two  faults  fi  and  Let  the  ma¬ 
chines  corresponding  to  these  two  faults  be  and 
respectively.  If  the  fault  pair  (/i,  f^)  is  identified  to  be  in¬ 
distinguishable  and  if  the  machines  and  are  ini¬ 
tializable,  then  the  fault  pair  (/i,  /2)  can  be  collapsed. and 
either  one  of  the  faults  fi  or  can  be  used  to  represent  the 
collapsed  class  of  faults. 

Proof  We  shall  demonstrate  that  both  the  conditions  that 
are  required  to  be  proven  for  fault  collapsing  are  satisfied. 
Consider  any  arbitrary  fault  /a  different  from  the  faults  fi 
and/2. 

Condition  1.  Let  (/ij/a)  be  indistinguishable.  We  now 
demonstrate  (by  contradiction)  that  the  fault  pair  (/a,  /a) 
is  also  indistinguishable.  Let  us  assume  that  the  fault  pair 
(/2,  /s)  is  distinguishable.  This  implies  that  there  exists  an 
input  sequence  F,  such  that  the  output  responses  produced 
by  the  two  faulty  machines,  when  starting  from  the  fully 
unspecified  state  and  as  determined  by  three-valued  logic 
simulation,  are  different  on  a  specific  time  unit  t  and  spe¬ 
cific  primary  output  o  (i.e.,  0  in  one  machine  and  1  in  the 
other  or  vice  versa).  Without  loss  of  generality,  assume  that 
the  value  produced  by  is  0  and  the  v^ue  produced 
by  is  1.  Consider  the  output  response  produced  by 
Ml\  starting  from  the  fully  unspecified  state  and  as  de¬ 
termined  by  three- valued  simulation,  to  the  input  sequence 
F.  This  output  response  must  assume  a  value  of  X  at  time 
t  on  primary  output  o  (otherwise,  one  of  the  pairs  (A,  /2) 
or  (A)  A)  becomes  distinguishable).  However,  it  is  known 


tliat  the  machine  M  is  initializable  with  three-valued  sim¬ 
ulation.  Let  P  be  an  input  sequence  that  initializes  machine 
.  Consider  the  application  of  the  input  sequence  cre¬ 
ated  by  concatenating  Y  at  the  end  of  P  to  the  machine 
starting  from  the  fully  unspecified  state.  The  output 
response  of  the  machine,  as  evaluated  by  three- valued  sim¬ 
ulation,  would  distinguish  either  (/i ,  /2)  or  (/i ,  /a),  at  the 
same  vector  and  primary  output  that  distinguished  (/2,  /s). 
Hence,  we  arrive  at  a  contradiction.  Because  /i  and  can 
be  used  interchangeably  in  the  above  argument,  we  have  tlie 
first  condition. 

Condition  2.  Let  (/i,  fz)  be  distinguished  by  the  test  vec¬ 
tor  sequence  Tr>,  We  now  demonstrate  that  the  fault  pair 
{f2yh)  is  also  distinguished.  Because  the  pair  of  faults 
is  distinguished  by  there  is  a  primary  output 
on  which  the  responses  for  /i  and  /s  are  0(1)  and  1(0),  re¬ 
spectively.  Withoutloss  of  generality,  assume  that  tlie  value 
produced  by  is  0  and  the  value  produced  by  is  1. 
Consider  tlie  response  produced  by  at  the  exact  same 
primary  output  to  tlie  same  sequence  of  vectors  tliat  pro¬ 
duced  the  difference  in  values  between  /i  and  /a.  Tlie  out¬ 
put  response  could  only  be  either  the  value  X  or  tlie  value 
0.  Now,  because  tliere  is  an  initializing  sequence  of  vectors 
for  tlie  machine  ,  say  Q,  the  response  of  the  machine 
to  the  concatenated  sequence  Q  followed  by  To  dis¬ 
tinguishes  the  pair  (/2,  /a).  Again,  because  fi  and  /2  have 
been  used  interchangeably  in  the  above  argument,  we  have 
the  second  condition. 

The  following  result,  derived  from  the  above  result,  ex¬ 
ploits  the  work  done  by  detection-oriented  test  generation 
under  the  conventional  test  generation  strategy. 

Corollary  1  Any  faulty  machine  proven  to  be  undetectable 
can  be  collapsed  with  the  good  machine  provided  the  fault- 
free  and  the  faulty  machines  are  initializable. 

3.1.1  Untestability  Identification  based  on  Indistin- 
guishability  Identification 

We  now  present  two  related  results  that  can  be  used  for 
the  rapid  proving  of  undetectability  by  the  use  of  sequen¬ 
tial  indistinguishability  identification.  The  results  provide 
a  method  to  prove  a  fault  untestable  by  pairing  it  with  an 
already  proven  untestable  fault  that  is  initializable  and  con¬ 
cluding  that  tlie  fault  pair  is  indistinguishable.  If  tlie  fault 
that  is  proven  to  be  untestable  is  combinationally  redundant, 
then  it  may  be  possible  to  make  a  stronger  claim  regarding 
the  kind  of  untestability  that  can  be  identified. 

Corollary  2  (Untestability  identification)  Consider  a 
fault  /i,  aborted  by  detection-oriented  test  generation. 
Let  f2  be  proven  undetectable.  Then,  if  the  pair  of  faults 
(/i,/2)  is  proven  to  be  indistinguishable  and  if  the  faulty 
machine  corresponding  to  is  initializable,  then  the  fault 
/i  is  undetectable. 


Corollary  3  (Untestability  identification)  Consider  a 
fault  fi,  aborted  by  detection-oriented  test  generation. 
Let  h  be  proven  combinationally  redundant  and  initial¬ 
izable.  Then,  if  the  pair  of  faults  (A ,  ff)  is  proven  to  be 
indistinguishable,  the  fault  A  is  undetectable. 

Fault  collapsing  results  similar  to  the  one  in  Theorem  1 
have  also  been  obtained  for  the  multiple  observation  time 
test  stiategy  (MOTS).  These  results  are  based  on  utilizing 
existing  knowledge  of  synchronizing  sequences  and  con¬ 
nectivity  information  [19,20]  in  die  state  transition  graph 
of  the  circuit.  These;  results  are  not  presented  here  due  to 
lack  of  space,  but  are  available  in  a  technical  report  [13], 

3.2  Creation  of  mathematical  equivalence  classes 

The  properties  of  sequential  fault  collapsing  developed 
are  furtlier  exploited  to  show  that  they  help  organize  the 
set  of  faults  that  satisfy  specific  properties  (connectivity, 
synchronizability  or  initializability)  into  disjoint  partitions. 
This  is  a  key  property  that  provides  a  remarkable  reduction 
in  the  complexity  of  diagnostic  test  pattern  generation. 

The  term  mathematical  equivalence  class  is  used  here  as 
opposed  to  just  equivalence  class  in  order  to  make  a  distinc¬ 
tion  between  tlie  formal  definition  of  equivalence  as  defined 
in  file  domain  of  set  theory  and  the  definition  from  the  digi¬ 
tal  circuit  domain. 

Now,  let  us  take  tlie  set  of  the  faults  known  to  be  initial¬ 
izable  and  consider  tlie  indistinguishability  relation  on  this 
set  of  faults.  We  now  show  that  this  relation  is  indeed  a 
mathematical  equivalence  relation. 

Theorem  2  (Init’ble  +  Indist’ble  ^  Disjoint  Partition) 

Let  the  set  of  initializable  faults  be  denoted  by  I  and  the 
relation  R  under  consideration  be  the  indistinguishability 
relation.  Then, 

•  (a,a)  G  R  (reflexive) 

•  (a,  6)  G  R  implies  that  {b,  a)  G  R  (symmetric) 

•  (a,  b)  £  R  and  (6,  c)  G  implies  that  (a,  c)  £  R 
(transitive;  from  our  indistinguishability  results) 

We  exploit  the  well-known  property  of  equivalence  rela¬ 
tions  which  states  that  the  equivalence  classes  are  all  dis¬ 
joint.  Results  similar  to  the  above  result  are  also  achieved 
for  the  multiple  observation  time  test  strategy  by  replacing 
file  initializability  property  with  the  appropriate  properties 
of  connectivity  and  synchronizability.  These  results  are  not 
presented  here  for  lack  of  space. 

4  DATPG 

In  this  section,  we  present  the  new  DATPG  algorithm 
equipped  to  exploit  the  dynamic  collapsing  of  faults  and 
the  implicit  identification  of  indistinguishability.  The  pur¬ 
pose  of  the  DATPG  algorithm  is  to  generate  test  sequences 


that  distinguish  every  distinguishable  fault  pair  and  prove 
the  rest  indistinguishable.  Of  course,  if  the  algorithm  is  un¬ 
able  to  either  generate  a  test  or  prove  the  fault  pair  to  be 
indistinguishable,  then  it  simply  aborts  on  that  fault  pair. 
The  DATPG  algorithm  is  typically  interfaced  with  diagnos¬ 
tic  fault  simulation  to  identify  any  additional  fault  pairs  that 
may  have  been  distinguished  whenever  a  targeted  fault  pair 
is  distinguished. 


//  Routine  GetNextFaultPair()  gets  a  new  fault  pair  into 

//  /i  and  /2;  if  there  are  no  more  pairs,  it  returns  NULL 

//  Routine  Datpg(/i ,  /a)  returns  the  status  of  the  DATPG  operation  as 

//  DISTINGUISHED,  INDISTINGUISHABLE  OR  ABORTED 

//  If  the  status  is  DISTINGUISHED,  the  test  sequence  obtained  is  denoted  by  V 

//  Routine  ClassSpIitDropPairs(  V')  performs  fault  simulation  to  determine  additional 

//  pairs  distinguished  by  appending  the  test  sequence  V  to  the  existing  set 

//  of  test  vectors  and  to  split  the  existing  classes  into  smaller  ones 

//  Routine  Mar klndis(inguishable(/i ,  /a)  marks  the  pair  indistinguishable 

//  Routine  ColIapsingConditionsSatisfied(/i ,  /a)  checks  if  the  conditions 

//  identified  for  the  test  generation  paradigm  being  used  are  satisfied. 

//  Routine  Collapse(/i ,  /a)  chooses  one  of  the  faults  to 
//  represent  both  the  classes  for  the  rest  of  the  DATPG  algoritlim 
//  and  drops  the  other  fault  for  future  operations 

// Routine  IdentifyImpUcitIndistinguishabilUies(/i ,  /a)  checks  to  identify 
//  additional  indistinguishabilities  proven  based  on  the  currently  proven  relation 
//  Routine  MarkAborted(/i ,  /a )  marks  tlie  fault  pair  as  aborted 

while  ((/i ,  /a)  =  GetNextFaultPairO)  { 

{f(Datpg(/i ,  /a)  —  DISTINGUISHED)) 

Clas^plitDropPairs(V); 

elseif  (Datpg(/i ,  /a)  =  INDISTINGUISHABLE))  { 
if  (CollapsingConditionsSatisfied(/i ,  /a))  { 

Conapse(/i ,  /a);  //Dynamic  fault  collapsing  here 

} 

else  { 

Marklndistinguisliable(/i , /a); 
Identifyljnplicitlndistinguishabili(ies(/i ,  /a); 

//Implicit  Identification 

} 

} 

else  {//ABORTED 

MarkAborted(/i ,  /a); 

} 

} 


Figure  2:  New  DATPG  algorithm 

The  new  DATPG  algoritlim,  is  shown  in  Figure  2.  We 
note  again  that  it  is  necessary  to  store  a  fault  pair  explic¬ 
itly  as  indistinguishable  in  the  new  algoritlim  only  when  the 
conditions  required  for  collapsing  the  pair  into  a  single  fault 
fail.  (This  occurs  only  for  sequential  circuits  and  occurs  pre¬ 
cisely  when  initialization  cannot  be  verified  for  at  least  one 
of  the  faults.)  We  also  note  that  the  sequentially  collapsed 
list  of  faults  is  available  at  the  completion  of  the  new  algo¬ 
rithm. 

4.1  On  the  complexity  of  DATPG 

In  this  subsection,  we  show  that  the  complexity  of  diag¬ 
nostic  test  pattern  generation,  using  fault  collapsing  and  im¬ 
plicit  identification  of  sequential  indistinguishability,  is  of 
the  same  order  of  complexity  as  detection-oriented  test  pat¬ 
tern  generation.  In  order  to  estimate  the  computational  com¬ 
plexity  of  the  test  generation  algorithms,  a  basic  operation 


that  can  be  used  to  measure  the  number  of  steps  required  by 
a  test  generation  algorithm  is  introduced.  This  operation  is 
illustrated  in  Figure  3.  A  basic  diagnostic  engine  is  invoked 
either  to  distinguish  a  pair  of  faults  or  to  claim  that  the  pair 
is  indistinguishable.  It  is  to  be  noted  that  both  diagnostic 
test  generation  and  detection-oriented  test  generation  can 
be  modeled  in  terms  of  this  basic  framework,  with  the  pair 
passed  to  tlie  diagnostic  engine  consisting  of  the  good  and 
the  faulty  machine  in  the  case  of  detection-oriented  test  gen¬ 
eration  and  consisting  of  two  faulty  machines  for  diagnostic 
test  generation.  It  is  also  pointed  out  that,  in  this  analysis, 
the  complexity  of  fault  simulation  is  not  considered  because 
simulation  is  typically  significantly  less  expensive  than  test 
pattern  generation. 

Let  us  now  assume  tliat  each  query  to  tlie  diagnostic  en¬ 
gine  involves  a  cost  of  one  computational  unit.  This,  of 
course,  is  not  necessarily  a  correct  assumption  but  it  is  in¬ 
structive  to  analyze  the  complexity  of  botli  the  procedures 
subject  to  this  assumption.  Let  the  total  number  of  faults 
be  /  and  the  number  of  initializable  faults  be  /j.  Let  us 
also  assume  tliat  the  fraction  of  total  faults  that  are  initial¬ 
izable  is  p.  Further,  let  us  assume  that  q  =  1  -  p.  We 
will  demonstrate  later  tliat  the  typical  values  of  p  are  close 
to  1  tlirough  experimental  results.  We  first  note  that  using 
tlie  simple  DATPG  algorithm  where  each  pair  of  faults  is 
explicitly  passed  to  tlie  DATPG  engine,  tlie  complexity  of 
the  entire  procedure  becomes  /(/  -  l)/2.  We  now  demon¬ 
strate  tliat  our  improved  results  permit  the  reduction  of  this 
complexity  to  0{f)  for  typical  values  of  p. 


DATPG 

FAULT  PAIR 

DATPG 

ALGORITHM 

ENGINE 

QndudH  (ii«|DMt>c  fault  limulation) 

D  or  I  or  A 

(Vectors,  if  D) 

Figure  3:  DATPG  and  the  diagnostic  engine 

Let  us  first  finish  the  DATPG  operation  on  pairs  produced 
only  by  the  set  of  initializable  faults  fi.  The  rest  of  the 
pairs  will  be  considered  later  to  complete  the  DATPG  algo- 
ritlim.  At  the  start  of  the  DATPG  algorithm,  all  the  faults 
trivially  belong  to  the  same  class.  First,  let  us  assume  that 
tlie  diagnostic  engine  being  used  in  the  model  is  perfect, 
i.e.,  the  answer  provided  by  tlie  diagnostic  engine  is  either 
distinguished  or  proven  to  be  indistinguishable.  We  shall 
consider  the  case  of  aborted  faults  later  in  the  analysis.  At 
each  step  of  the  DATPG  algorithm,  a  fault  pair  whose  status 
is  as  yet  unknown  (i.e.,  both  the  faults  belong  to  the  same 
current  class)  is  passed  to  the  diagnostic  engine.  The  result 
provided  by  the  diagnostic  engine  introduces  the  following 
changes  in  the  current  list  of  classes: 

•  If  tlie  result  of  the  operation  is  distinguished,  then  the 


number  of  classes  must  increase  by  at  least  1.  (Of 
course,  the  increase  may  be  much  larger  because  tlie 
vectors  produced  may  incidentally  partition  tlie  classes 
into  several  classes.) 

•  If  the  result  of  the  operation  is  indistinguishable,  tlien 
the  number  of  faults  decreases  by  1  because  tlie  two 
faults  can  now  be  collapsed  into  a  single  fault. 

However,  the  maximum  number  of  classes  possible  is  lim¬ 
ited  by  fi  and  the  minimum  number  of  faults  remaining 
in  the  DATPG  algorithm  is  limited  by  1.  It  is  also  clear 
that  both  the  numbers  (number  of  classes  and  number  of 
faults)  vary  monotonically.  Hence,  the  maximum  number 
of  steps  required  by  the  DATPG  algoritlim  is  limited  by  2/^, 
i.e.,  2p/.  The  number  of  remaining  fault  pairs  is  given  by 
PQp  +  1)/2  which  is  less  tlianpg/-^  -1-  g‘‘^/^/2. 

Therefore,  the  total  cost  of  tlie  diagnostic  procedure  can  be 
represented  by  2p/  -f  pqf^  H-  2.  If  g  is  sufficiently 
small,  then  this  expression  has  the  complexity  0(f). 

Now,  if  we  remove  tlie  assumption  about  aborted  faults 
and  assume  tliat  the  diagnostic  engine  does  abort  fault  pairs, 
then  the  analysis  can  be  modified  appropriately.  If  tlie  to¬ 
tal  number  of  fault  pairs  aborted  by  tlie  diagnostic  engine 
is  a,  then  tliat  is  exactly  the  additional  number  of  opera¬ 
tions  that  may  be  required  by  the  DATPG  algoritlim  (be¬ 
cause  an  aborted  fault  pair  neither  permits  a  collapsing  oper¬ 
ation  nor  contributes  to  an  increase  in  tlie  number  of  classes 
and  is,  in  that  sense,  a  wasted  computation).  The  cost  of 
the  DATPG  algorithm  is  thus  represented  by  the  expression 
2pf  4-  pg/^  4-  q^f^/2  4-  a.  If  the  number  of  aborted 
fault  pairs  can  be  assumed  to  be  small  (by  a  good  diagnostic 
engine),  then  the  complexity  can  still  be  seen  to  be  0{f). 

It  is  easy  to  see  tliat  even  a  detection-oriented  ATPG  algo¬ 
rithm  can  indeed  take  0(f)  steps  (if  each  faulty  machine  is 
initialized,  tlie  corresponding  fault  is  distinguishable  from 
each  of  the  other  faults  and  there  are  no  incidental  detec¬ 
tions),  Hence,  tliis  analysis  shows  tliat  botli  DATPG  and 
ATPG  are  of  the  same  order  of  complexity. 

We  also  note  that  the  above  analysis  can  be  repeated 
for  the  multiple  observation  time  test  strategy  assuming  ei¬ 
ther  the  property  of  strong  connectivity  or  synclironizability 
(similar  to  the  use  of  initializability  here)  to  arrive  at  tlie 
same  conclusions  about  the  complexity  of  DATPG. 

Having  performed  the  above  analysis  on  the  complexi¬ 
ties  of  DATPG  and  ATPG,  we  now  present  a  caveat  that  is 
introduced  by  tlie  practical  use  of  tliese  procedures.  In  prac¬ 
tice,  DATPG  often  follows  ATPG;  this  implies  that  many  of 
the  fault  pairs  that  are  easy  to  distinguish  are  distinguished 
incidentally.  Hence,  tlie  fault  pairs  that  are  left  to  be  tar¬ 
geted  explicitly  by  the  DATPG  algorithm  are  often  difficult 
and  hence  may  contribute  to  the  additional  difficulty  of  the 
DATPG  procedure.  In  addition,  tlie  assumption  about  the 
cost  of  the  simulation  step  being  much  less  tlian  that  of  test 
generation  step  may  not  always  be  correct. 


5  Experimental  Results 

Results  on  initialization  and  DATPG 

In  this  section,  we  demonstrate  the  improvements  provided 
by  the  results  developed  in  this  paper  using  the  restricted 
single  observation  time  test  strategy.  This  is  the  chosen 
strategy  because  of  its  practicality  with  respect  to  large  cir¬ 
cuits  and  its  wide-spread  use.  Because  tlie  test  strategy  is 
RSOTS,  tlie  state  property  of  concern  for  enabling  the  re¬ 
sults  developed  is  initializability.  As  we  have  already  noted, 
a  machine  corresponding  to  an  initialized  fault  is  initializ’ 
able.  Because  it  is  easy  to  verify  the  initialization  of  a  faulty 
machine  with  a  given  set  of  vectors,  that  is  our  approach. 

Results  that  show  tlie  improved  computations  in  DATPG 
possible  using  die  improved  DATPG  algorithm  are  pre¬ 
sented  in  Table  1.  Recall  tliat  improvements  in  complexity 
were  achieved  from  the  original  value  of  /(/  -  1) /2  to  the 
improved  value  of  2pf  4-  pqf  -h  g/(g/  -  l)/2,  where 
p  is  the  fraction  of  initializable  faults  and  g  is  the  fraction 
of  faults  not  initialized.  The  results  presented  in  the  table 
show  die  total  faults,  the  number  of  initialized  faults  (using 
HITEC/STG3  [21,22]  vectors),  the  number  of  faults  that 
are  not  initialized,  die  number  of  pairs  that  would  have  to  be 
handled  by  die  old  DATPG  algorithm,  the  number  of  pairs 
diat  would  have  to  be  handled  by  the  new  DATPG  algorithm 
and  the  percentage  ratio  between  the  new  and  the  old  costs. 
These  results  show  diat  it  is  indeed  possible  to  tackle  the 
DATPG  problem  for  die  entire  set  of  faults  for  many  practi¬ 
cal  circuits. 

Results  on  Fault  Collapsing 

The  results  of  a  fault  collapsing  experiment  are  shown  in 
Table  2.  The  first  column  of  the  table  shows  the  benchmark 
circuit  and  the  second  column  shows  the  total  number  of 
faults.  Tliese  faults  were  processed  to  first  remove  combi- 
nationally  (full-scan)  redundant  faults  (to  obtain  the  number 
Nfsr).  The  obtained  faults  are  then  collapsed  by  applying  a 
combinational  equivalence  prover  (DIATEST  [6]).  The  re¬ 
sulting  number  of  faults  is  shown  by  the  column  FscNfsr. 
Undetected  faults  (using  HITEC  [21]  vectors)  are  then  re¬ 
moved  from  this  list  of  faults  to  obtain  the  set  of  faults,  in¬ 
dicated  by  NuFscNfsr.  These  faults  are  processed  with  the 
new  fault  collapsing  diagnostic  test  generator  that  was  built 
on  top  of  the  diagnostic  test  generator  DIAGGEN  [14]  to 
obtain  the  sequentially  collapsed  fist  of  faults,  SeqcNuFsc- 
Nfsr.  Tlie  untestable  faults  that  were  removed  were  then 
added  back  to  this  list  of  faults  to  get  the  fist  of  faults 
indicated  by  SeqcFscNfsr.  The  final  list  of  sequentially 
collapsed  faults  is  obtained  by  adding  back  representative 
faults  from  die  combinationally  redundant  faults  (just  one 
fault  is  sufficient  when  the  good  circuit  is  initializable)  and 
is  shown  by  column  SeqcFsc.  It  is  clear  from  the  numbers 


Table  1:  DATPG  comparison 


Ckt. 

Total  Faults 

Init. 

Not  Init. 

Old  DATPG 
#Pairs 

New  DATPG 
#Pairs 

%  Ratio 
(New/Old) 

s298 

308 

299 

9 

47278 

3325 

7.03 

s344 

342 

329 

13 

58311 

5013 

8.60 

s400 

428 

413 

15 

91378 

7126 

7.80 

s526 

555 

538 

17 

153735 

10358 

6.74 

s641 

467 

460 

7 

108811 

4161 

3.82 

s713 

581 

574 

7 

168490 

5187 

3.08 

s820 

850 

849 

1 

360825 

2547 

0.71 

s832 

870 

869 

1 

378015 

2607 

0.69 

s953 

1079 

3 

1076 

581581 

581584 

100.00 

S1238 

1355 

1355 

0 

917335 

2710 

0.30 

sl423 

1515 

1450 

65 

1146855 

99230 

8.65 

sl488 

1486 

1484  : 

2 

1103355 

5937 

0.54 

sl494 

1506 

1504 

2 

1133265 

6017 

0.53 

s5378 

4603 

4567 

36 

10591503 

174176 

1.64 

S35932 

39094 

39084 

10 

764150871  1 

469053 

0.06 

Table  2:  Fault  collapsing  results 


Ckt. 

Nfsr 

FscNfsr 

NuFscNfsr 

SeqcFscNfsr 

SeqcFsc 

s298 

308 

308 

288 

256 

183 

215 

216 

s344 

342 

342 

337 

330 

255 

262 

263 

s526 

555 

554 

523 

128 

102 

497 

498 

s641 

467 

467 

460 

405 

337 

392 

393 

s713 

581 

542 

469 

413 

338 

394 

395 

s820 

850 

814 

778 

755 

791 

792 

s832 

856 

816 

111 

755 

794 

795 

S1238 

1355 

1286 

1251 

1248 

1209 

1212 

1213 

S1423 

1515 

1501 

1361 

553 

430 

1238 

1239 

sl488 

1486 

1486 

1465 

1426 

1395 

1434 

1435 

sl494 

1494 

1469 

1431 

1401 

1439 

1440 

s5378 

4563 

4190 

2921 

2645 

3914 

3915 

S35932 

\  39094 

35110 

25476  ' 

25235 

25235 

25476 

25477 

in  this  table  that  the  size  of  the  fault  lists  may  be  consider¬ 
ably  reduced  beyond  the  standard  structural  fault  collapsing 
[3]  that  is  widely  used. 

Results  of  Untestability  Identification  using 
Indistinguishability  Identification 

In  the  experiments  performed  here,  the  set  of  aborted  faults 
produced  by  the  HITEC  test  generator  [21]  is  taken  and 
pairs  of  faults  are  created  by  pairing  them  with  (initializ- 
able)  combinationally  redundant  faults.  These  fault  pairs 
are  injected  in  the  last  (rightmost)  frame  of  a  combination- 
ally  expanded  version  of  the  sequential  circuit  (expanded 
10  time  frames  in  this  experiment)  and  their  equivalence  is 
examined  (by  the  diagnostic  test  generator  DIATEST  [6]). 
If  the  fault  pair  is  proven  to  be  equivalent,  then  the  fault  is 


proven  to  be  untestable  in  the  original,  sequential,  circuit. 

Table  3  provides  the  untestability  identification  results. 
The  number  of  initializable,  combinationally  redundant 
faults  is  provided  in  column  4.  Results  are  presented  only 
for  those  circuits  for  which  at  least  one  initializable,  combi¬ 
nationally  untestable  fault  could  be  identified.  Columns  1, 
2,  3,  5,  6  and  7  stand  for  circuit  name,  number  of  proven 
untestable  faults,  number  of  aborted  faults,  number  of  can¬ 
didate  pairs,  number  of  pairs  proven  to  be  indistinguishable 
and  the  number  of  faults  proven  to  be  untestable,  respec¬ 
tively.  The  last  column  presents  the  CPU  time  in  seconds, 
as  measured  on  a  SUN  Ultrasparcl  workstation  with  58  MB 
of  main  memory.  These  results  demonstrate  that  it  is  possi¬ 
ble  to  utilize  the  power  of  indistinguishability  identification 
even  for  untestability  identification. 


Table  3:  Untestability  identification 


Ckt. 

Untest. 

Faults 

Aborted 

Faults 

Comb.  Red. 
Faults 

Candidate 

Pairs 

Proven 

Pairs 

Proven 

Faults 

Time 

(sec) 

s526 

17 

487 

1 

487 

21 

21 

1190 

s832 

46 

8 

14 

112 

70 

5 

234 

sl423 

11 

949 

14 

13286 

32 

5 

14433 

si  494 

40 

17 

12 

204 

132 

11 

1066 

s5378 

148 

1303 

40 

1303 

618 

618 

17479 

S35932 

3984 

10 

3984 

1000 

0 

0 
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6  Summary 

State  space  properties  were  used  to  derive  conditions  un¬ 
der  which  sequential  fault  collapsing  can  be  permitted.  This 
was  used  to  provide  a  result  that  partitions  the  set  of  faults 
into  disjoint  classes.  This  partition  is  arrived  at  by  demon¬ 
strating  that  tlie  class  structure  corresponds  to  a  matliemat- 
ical  equivalence  class  structure.  The  results  presented  per¬ 
mit  the  design  of  a  diagnostic  test  generation  algoritlim  that 
has  the  same  order  of  complexity  as  a  regular,  detection- 
oriented  test  generation  algorithm.  The  results  have  also 
been  effectively  used  for  identifying  untestable  faults.  Ex¬ 
periments  on  benchmark  circuits  were  used  to  demonstrate 
tlie  results. 
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